On Mon, 4 Feb 2008 18:17:22 +
Pavel Machek [EMAIL PROTECTED] wrote:
On Fri 2008-02-01 20:07:01, James Morris wrote:
On Fri, 1 Feb 2008, Andrew Morton wrote:
Really? I'd feel a lot more comfortable if yesterday's version 1 had led
to a stream of comments from
At Monday 04 February 2008 around 18:45:24 Serge E. Hallyn wrote:
Quoting Andrew G. Morgan ([EMAIL PROTECTED]):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ismail Dönmez wrote:
| What I meant to ask was what does per-process securebits bring as
extra.
It allows you to create
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ismail Dönmez wrote:
| What I meant to ask was what does per-process securebits bring as
extra.
It allows you to create a legacy free process tree. For example, a
chroot, or container (which Serge can obviously explain in more detail),
environment
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andrew Morton wrote:
| On Fri, 01 Feb 2008 00:11:37 -0800 Andrew G. Morgan
[EMAIL PROTECTED] wrote:
|
| [This patch represents a no-op unless CONFIG_SECURITY_FILE_CAPABILITIES
| is enabled at configure time.]
|
| Patches like this scare the pants
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
| Quoting Andrew G. Morgan ([EMAIL PROTECTED]):
| -BEGIN PGP SIGNED MESSAGE-
| Hash: SHA1
|
| Here is the patch to add per-process securebits.
|
| It's all code that lives inside the capability LSM and the new
At Sunday 03 February 2008 around 08:18:12 Andrew Morton wrote:
So how do we ever get to the stage where we can recommend that distributors
turn these things on, and have them agree with us?
FWIW with my distributor hat on I think File system capabilities are very nice
and enable one to ship
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Here is the patch to add per-process securebits.
It's all code that lives inside the capability LSM and the new securebits
implementation is only active if CONFIG_SECURITY_FILE_CAPABILITIES is
enabled (it doesn't make much sense to support this
Quoting Andrew G. Morgan ([EMAIL PROTECTED]):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Here is the patch to add per-process securebits.
It's all code that lives inside the capability LSM and the new securebits
implementation is only active if CONFIG_SECURITY_FILE_CAPABILITIES is
Quoting Andrew G. Morgan ([EMAIL PROTECTED]):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Here is the patch adding per-process secure-bits. This patch was
generated over 2.6.24-rc8-mm1 + my privilege escalation bugfix.
Cheers
Andrew
Ref: 6a63d67f37e50dd2031b3a050ebac1e64eae916e
Quoting Andrew G. Morgan ([EMAIL PROTECTED]):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andrew,
Just to be clear, I'm not sure I agree that I'm hiding anything!
I've tried very hard to limit this functionality to only being enabled
if the still experimental LSM
Quoting Andrew G. Morgan ([EMAIL PROTECTED]):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
| Quoting Andrew G. Morgan ([EMAIL PROTECTED]):
| Here is my latest per-process secure-bits patch.
|
| Hey Andrew,
|
| looks really good. Two comments inline.
Thanks
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Here is the patch adding per-process secure-bits. This patch was
generated over 2.6.24-rc8-mm1 + my privilege escalation bugfix.
Cheers
Andrew
Ref: 6a63d67f37e50dd2031b3a050ebac1e64eae916e
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.6
On Wed, 30 Jan 2008 23:02:30 -0800 Andrew G. Morgan [EMAIL PROTECTED] wrote:
With filesystem capabilities it is now possible to do away with
(set)uid-0 based privilege and use capabilities instead.
Historically, this was first attempted with a kernel-global set of
securebits. That
Quoting Andrew G. Morgan ([EMAIL PROTECTED]):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Here is my latest per-process secure-bits patch.
Hey Andrew,
looks really good. Two comments inline.
Cheers
Andrew
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.6 (GNU/Linux)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Here is my latest per-process secure-bits patch.
Cheers
Andrew
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFHmg44+bHCR3gb8jsRAqPoAJ9IrlrQLKNcw8c4T0pgCmn/Lcng7wCfYjVI
Tu1ufhQCjaMjuUizjJuMvrM=
=NiGN
-END PGP
Quoting Andrew G. Morgan ([EMAIL PROTECTED]):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Here is my latest per-process secure-bits patch.
Thanks Andrew, I'll check this out tonight or this weekend.
-serge
Cheers
Andrew
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.6 (GNU/Linux)
16 matches